trace-to-skill 0.1.101 → 0.1.102
- package/README.md +6 -6
- package/dist/src/init.js +3 -3
- package/dist/src/ossBrief.js +2 -1
- package/dist/src/ossBrief.js.map +1 -1
- package/dist/src/sensitiveAudit.d.ts +21 -0
- package/dist/src/sensitiveAudit.js +75 -2
- package/dist/src/sensitiveAudit.js.map +1 -1
- package/docs/CODEX_GITHUB_ISSUE_PAIN_MAP.md +1 -1
- package/docs/CODEX_ISSUE_MAP.md +2 -2
- package/docs/CODEX_ISSUE_RADAR.md +1 -1
- package/docs/DISCOVERY.md +1 -1
- package/docs/OPENAI_OSS_BRIEF.md +5 -4
- package/docs/USE_CASES.md +3 -3
- package/llms.txt +2 -2
- package/package.json +4 -1
- package/schemas/sensitive-audit-result.schema.json +88 -1
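--- a/package/README.md
+++ b/package/README.md
@@ -64,7 +64,7 @@ Use it when you need to:
 - **Protect agent context:** run `trace-to-skill guard-github-event "$GITHUB_EVENT_PATH"` before feeding issue, PR, comment, discussion, check-run, or commit text into an agent.
 - **Prevent unsafe patch overwrites:** run `trace-to-skill guard-patch ./change.patch --root .` before applying generated patches so `*** Add File` cannot silently replace an existing file or symlink target.
 - **Audit local Codex session history:** run `trace-to-skill session-audit ~/.codex --format json` to summarize rollout JSONL sizes, huge lines, parse errors, state files, short `session_index.jsonl` evidence, bloated transcript-like sidebar titles, subagent lifecycle signals, and recoverable unindexed thread ids without publishing private transcripts.
-- **Preflight sensitive paths before agent runs:** run `trace-to-skill sensitive-audit . --format json` to find `.env`, private keys, package auth files, cloud credentials, local databases, signing files, and secret manifests by filename/path without reading file contents.
+- **Preflight sensitive paths before agent runs:** run `trace-to-skill sensitive-audit . --format json` to find `.env`, private keys, package auth files, cloud credentials, local databases, signing files, and secret manifests by filename/path without reading file contents. The report now checks project-level `.codexignore`, `.agentignore`, `.aiexclude`, and `.gitignore` coverage for the recommended patterns; add `--format ignore --ignore-target codexignore` to generate a reviewable `.codexignore` candidate without mutating the repo.
 - **Preflight language-server readiness:** run `trace-to-skill lsp-audit . --format json` to detect repo languages, missing LSP commands, install hints, and evidence files before asking Codex for symbol-aware edits.
 - **Audit Codex config drift:** run `trace-to-skill config-audit ~/.codex --format json` to summarize legacy profile config, model pins, Speed/Fast service-tier persistence drift, sandbox/approval posture, Windows elevated sandbox mode, missing permission profiles, plugin cache drift, and MCP approval sprawl.
 - **Audit bundled plugin drift:** run `trace-to-skill plugin-audit ~/.codex --app /Applications/Codex.app --format json` to check Browser, Chrome, Computer Use, bundled marketplace, plugin cache, manifest, helper app, `CODEX_HOME`, and unsupported feature-flag drift without posting raw logs.
@@ -343,7 +343,7 @@ trace-to-skill sensitive-audit . --format ignore --ignore-target codexignore --o
 trace-to-skill lsp-audit . --output lsp-readiness.md
 ```
 
-This removes common API keys, GitHub/npm/Slack tokens, bearer tokens, email addresses, local home paths, and hidden Unicode controls while preserving enough context for maintainer review. `sensitive-audit` is filename/path-only
+This removes common API keys, GitHub/npm/Slack tokens, bearer tokens, email addresses, local home paths, and hidden Unicode controls while preserving enough context for maintainer review. `sensitive-audit` is filename/path-only, can emit `.agentignore`, `.codexignore`, `.aiexclude`, or `.gitignore` candidates, and reports whether existing project ignore files already cover the recommended patterns. `.gitignore` coverage is shown as hygiene evidence, not as proof of an agent read-deny boundary; `lsp-audit` detects repo language signals and missing language-server commands without installing anything.
 
 Scaffold a repo:
 
@@ -549,7 +549,7 @@ jobs:
 issues: write
 steps:
 - uses: actions/checkout@v5
-- uses: grnbtqdbyx-create/trace-to-skill@v0.1.
+- uses: grnbtqdbyx-create/trace-to-skill@v0.1.102
 with:
 mode: all
 doctor-threshold: "85"
@@ -598,7 +598,7 @@ Composite action usage:
 
 ```yaml
 - id: trace-to-skill
-uses: grnbtqdbyx-create/trace-to-skill@v0.1.
+uses: grnbtqdbyx-create/trace-to-skill@v0.1.102
 with:
 mode: all
 doctor-threshold: "85"
@@ -616,7 +616,7 @@ Issue-map action usage for direct GitHub issue demand mining:
 
 ```yaml
 - id: codex-issue-map
-uses: grnbtqdbyx-create/trace-to-skill@v0.1.
+uses: grnbtqdbyx-create/trace-to-skill@v0.1.102
 with:
 mode: issue-map
 issue-map-repo: openai/codex
@@ -662,7 +662,7 @@ Action outputs:
 
 By default, generated reports are also appended to the GitHub Actions Job Summary. Set `job-summary: "false"` to disable that UI output.
 
-Tagged Action releases build and run the CLI from `$GITHUB_ACTION_PATH`, so a workflow pinned to a release tag such as `@v0.1.
+Tagged Action releases build and run the CLI from `$GITHUB_ACTION_PATH`, so a workflow pinned to a release tag such as `@v0.1.102` executes that release's checked-out source instead of pulling the default branch at runtime.
 
 ## Codex Skill
 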
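--- a/package/dist/src/init.js
+++ b/package/dist/src/init.js
@@ -101,7 +101,7 @@ function renderCodexReadinessWorkflow(doctorThreshold, comment) {
 " steps:",
 " - uses: actions/checkout@v5",
 " - id: trace-to-skill",
-" uses: grnbtqdbyx-create/trace-to-skill@v0.1.
+" uses: grnbtqdbyx-create/trace-to-skill@v0.1.102",
 " with:",
 " mode: all",
 ` doctor-threshold: "${doctorThreshold}"`,
@@ -128,7 +128,7 @@ function renderAgentLearningWorkflow(traces, threshold, comment, sarif) {
 const steps = [
 " - uses: actions/checkout@v5",
 " - id: trace-to-skill",
-" uses: grnbtqdbyx-create/trace-to-skill@v0.1.
+" uses: grnbtqdbyx-create/trace-to-skill@v0.1.102",
 " with:",
 " mode: traces",
 ` traces: ${traces}`,
@@ -175,7 +175,7 @@ function renderIssueRadarWorkflow(repo, state, limit, commentIssue) {
 " steps:",
 " - uses: actions/checkout@v5",
 " - id: issue-map",
-" uses: grnbtqdbyx-create/trace-to-skill@v0.1.
+" uses: grnbtqdbyx-create/trace-to-skill@v0.1.102",
 " with:",
 " mode: issue-map",
 ` issue-map-repo: ${repo}`,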
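--- a/package/dist/src/ossBrief.js
+++ b/package/dist/src/ossBrief.js
@@ -13,7 +13,7 @@ export async function runOssBrief(target = process.cwd(), threshold = 85) {
 const commandName = packageName ? `npx ${packageName}` : "trace-to-skill";
 const qualificationLong = [
 `${projectName} helps open-source maintainers adopt Codex safely by turning failed coding-agent runs into evidence-backed rules, reusable workflows, CI gates, and a weekly Codex Issue Radar for live GitHub issue demand.`,
-`It supports real maintenance work: PR review, issue triage, release quality, MCP risk, prompt-injection defense, privacy-preserving trace sharing, and repeat failure reduction.`,
+`It supports real maintenance work: PR review, issue triage, release quality, MCP risk, prompt-injection defense, privacy-preserving trace sharing, sensitive-file policy coverage, and repeat failure reduction.`,
 `The repository is ${scorecard.doctor.status}, scores ${scorecard.doctor.score}/100 on the local Codex readiness doctor, and ships a deterministic benchmark with ${scorecard.benchmark.cases} public fixture cases.`
 ].join(" ");
 const apiCreditsLong = [
@@ -125,6 +125,7 @@ function buildEvidence(scorecard, commandName, repository, packageName, packageV
 `Public fixture benchmark: ${scorecard.benchmark.status}, ${scorecard.benchmark.cases} cases.`,
 "GitHub issue demand mining: issue-map fetches or reads piped GitHub CLI issue JSON, then ranks OpenAI/Codex issues by failure class, comments, reactions, evidence gaps, and Maintainer Roadmap next artifacts.",
 "Weekly Codex Issue Radar: init --issue-map-repo owner/name scaffolds a scheduled Action that fetches live GitHub issues and publishes the pain map to the job summary or a stable tracking issue comment.",
+"Sensitive-file preflight: sensitive-audit reports filename/path-only findings, recommended .codexignore/.agentignore/.aiexclude candidates, and project policy coverage without reading secret contents.",
 "Maintainer control: generated rules are suggestions, evidence is line-linked, and secrets can be redacted before sharing."
 ];
 }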
package/dist/src/ossBrief.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ossBrief.js","sourceRoot":"","sources":["../../src/ossBrief.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAwB,MAAM,gBAAgB,CAAC;AAmCpE,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAAM,GAAG,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,GAAG,EAAE;IACtE,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACtD,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,UAAU,GAAG,sBAAsB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IACnE,MAAM,WAAW,GAAG,WAAW,EAAE,IAAI,CAAC;IACtC,MAAM,cAAc,GAAG,WAAW,EAAE,OAAO,CAAC;IAC5C,MAAM,OAAO,GAAG,WAAW,EAAE,OAAO,IAAI,uBAAuB,CAAC,SAAS,CAAC,CAAC;IAC3E,MAAM,WAAW,GAAG,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACvD,MAAM,WAAW,GAAG,WAAW,CAAC,CAAC,CAAC,OAAO,WAAW,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC;IAE1E,MAAM,iBAAiB,GAAG;QACxB,GAAG,WAAW,8MAA8M;QAC5N,
|
|
1
|
+
{"version":3,"file":"ossBrief.js","sourceRoot":"","sources":["../../src/ossBrief.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAwB,MAAM,gBAAgB,CAAC;AAmCpE,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,MAAM,GAAG,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,GAAG,EAAE;IACtE,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACtD,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,UAAU,GAAG,sBAAsB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IACnE,MAAM,WAAW,GAAG,WAAW,EAAE,IAAI,CAAC;IACtC,MAAM,cAAc,GAAG,WAAW,EAAE,OAAO,CAAC;IAC5C,MAAM,OAAO,GAAG,WAAW,EAAE,OAAO,IAAI,uBAAuB,CAAC,SAAS,CAAC,CAAC;IAC3E,MAAM,WAAW,GAAG,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACvD,MAAM,WAAW,GAAG,WAAW,CAAC,CAAC,CAAC,OAAO,WAAW,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC;IAE1E,MAAM,iBAAiB,GAAG;QACxB,GAAG,WAAW,8MAA8M;QAC5N,kNAAkN;QAClN,qBAAqB,SAAS,CAAC,MAAM,CAAC,MAAM,YAAY,SAAS,CAAC,MAAM,CAAC,KAAK,sFAAsF,SAAS,CAAC,SAAS,CAAC,KAAK,wBAAwB;KACtN,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEZ,MAAM,cAAc,GAAG;QACrB,kGAAkG;QAClG,yMAAyM;QACzM,+EAA+E;KAChF,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEZ,OAAO;QACL,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,IAAI;QACJ,UAAU;QACV,WAAW;QACX,cAAc;QACd,OAAO;QACP,SAAS,EAAE;YACT,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,WAAW,EAAE,SAAS,CAAC,MAAM,CAAC,KAAK;YACnC,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,MAAM;YACrC,eAAe,EAAE,SAAS,CAAC,SAAS,CAAC,MAAM;YAC3C,cAAc,EAAE,SAAS,CAAC,SAAS,CAAC,KAAK;SAC1C;QACD,aAAa,EAAE;YACb,IAAI,EAAE,iBAAiB;YACvB,MAAM,EAAE,MAAM,CAAC,iBAAiB,CAAC;SAClC;QACD,UAAU,EAAE;YACV,IAAI,EAAE,cAAc;YACpB,MAAM,EAAE,MAAM,CAAC,cAAc,CAAC;SAC/B;QACD,QAAQ,EAAE,aAAa,CAAC,SAAS,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,cAAc,EAAE,OAAO,CAAC;QACjG,SAAS,EAAE,cAAc,CAAC,SAAS,CAAC;KACrC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,MAAsB;IAC3D,MAAM,KAAK,GAAG;QACZ,oBAAoB;QACpB,EAAE;QACF,mBAAmB;QACnB,eAAe;QACf,kBAAkB,MAAM,CAAC,UAAU,IAAI,2BAA2B,IAAI;QACtE,eAAe,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,WAAW,GAAG,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI
,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,IAAI;QAC3I,eAAe,MAAM,CAAC,OAAO,IAAI,cAAc,IAAI;QACnD,uBAAuB,MAAM,CAAC,SAAS,CAAC,YAAY,KAAK,MAAM,CAAC,SAAS,CAAC,WAAW,SAAS;QAC9F,iBAAiB,MAAM,CAAC,SAAS,CAAC,eAAe,KAAK,MAAM,CAAC,SAAS,CAAC,cAAc,UAAU;QAC/F,EAAE;QACF,kCAAkC;QAClC,EAAE;QACF,MAAM,CAAC,aAAa,CAAC,IAAI;QACzB,EAAE;QACF,2BAA2B;QAC3B,EAAE;QACF,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC;QACvC,EAAE;QACF,kCAAkC;QAClC,EAAE;QACF,MAAM,CAAC,UAAU,CAAC,IAAI;QACtB,EAAE;QACF,2BAA2B;QAC3B,EAAE;QACF,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;QACpC,EAAE;QACF,aAAa;QACb,EAAE;QACF,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC;QAC7C,EAAE;QACF,iCAAiC;QACjC,EAAE;QACF,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC;QAC9C,EAAE;QACF,iBAAiB;QACjB,EAAE;QACF,SAAS;QACT,4BAA4B;QAC5B,0CAA0C;QAC1C,KAAK;QACL,EAAE;KACH,CAAC;IAEF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,IAAY;IACzC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,CAAC;QACpE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,UAAyC;IACvE,MAAM,GAAG,GAAG,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU,EAAE,GAAG,CAAC;IAC1E,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,GAAG;SACP,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;SACrB,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,uBAAuB,CAAC,SAA0B;IACzD,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,SAAS,CAAC,CAAC;IACxF,MAAM,KAAK,GAAG,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC/D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;AAED,SAAS,aAAa,CACpB,SAA0B,EAC1B,WAAmB,EACnB,UAA8B,EAC9B,WAA+B,EAC/B,cAAkC,EAClC,OAA2B;IAE3B,OAAO;QACL,UAAU,CAAC,CAAC,CAAC,sBAAsB,UAAU,EAAE,CAAC,CAAC,CAAC,kDAAkD;QACpG,WAAW,CAAC,CAAC,CAAC,wBAAwB,WAAW,GAAG,cAAc,CAAC,CAAC,CAAC,IAAI,cAAc,EAAE,CAA
C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,iEAAiE;QACpK,OAAO,CAAC,CAAC,CAAC,wBAAwB,OAAO,EAAE,CAAC,CAAC,CAAC,wDAAwD;QACtG,2BAA2B,SAAS,CAAC,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM,CAAC,KAAK,SAAS,SAAS,CAAC,MAAM,CAAC,YAAY,iBAAiB;QACpI,6BAA6B,SAAS,CAAC,SAAS,CAAC,MAAM,KAAK,SAAS,CAAC,SAAS,CAAC,KAAK,SAAS;QAC9F,iNAAiN;QACjN,2MAA2M;QAC3M,0MAA0M;QAC1M,2HAA2H;KAC5H,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,SAA0B;IAChD,MAAM,KAAK,GAAG;QACZ,4HAA4H;QAC5H,0FAA0F;QAC1F,8HAA8H;KAC/H,CAAC;IAEF,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;QACtB,KAAK,CAAC,OAAO,CAAC,4FAA4F,CAAC,CAAC;IAC9G,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,MAAM,CAAC,KAAa;IAC3B,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACnC,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3G,MAAM,SAAS,GAAG,WAAW,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC/F,OAAO,SAAS,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC;AAC5D,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACjE,CAAC"}
|
|
@@ -15,6 +15,26 @@ export interface SensitiveIgnoreFile {
|
|
|
15
15
|
header: string[];
|
|
16
16
|
patterns: string[];
|
|
17
17
|
}
|
|
18
|
+
export interface SensitivePolicyCoverageFile {
|
|
19
|
+
target: SensitiveIgnoreTarget;
|
|
20
|
+
filename: string;
|
|
21
|
+
path: string;
|
|
22
|
+
exists: boolean;
|
|
23
|
+
coveredPatterns: string[];
|
|
24
|
+
missingPatterns: string[];
|
|
25
|
+
note: string;
|
|
26
|
+
}
|
|
27
|
+
export interface SensitivePolicyCoverage {
|
|
28
|
+
summary: {
|
|
29
|
+
checkedFiles: number;
|
|
30
|
+
existingFiles: number;
|
|
31
|
+
recommendedPatterns: number;
|
|
32
|
+
coveredPatterns: number;
|
|
33
|
+
missingPatterns: number;
|
|
34
|
+
};
|
|
35
|
+
files: SensitivePolicyCoverageFile[];
|
|
36
|
+
notes: string[];
|
|
37
|
+
}
|
|
18
38
|
export interface SensitiveAuditResult {
|
|
19
39
|
generatedAt: string;
|
|
20
40
|
root: string;
|
|
@@ -28,6 +48,7 @@ export interface SensitiveAuditResult {
|
|
|
28
48
|
findings: SensitiveAuditFinding[];
|
|
29
49
|
recommendedExcludes: string[];
|
|
30
50
|
ignoreFiles: SensitiveIgnoreFile[];
|
|
51
|
+
policyCoverage: SensitivePolicyCoverage;
|
|
31
52
|
}
|
|
32
53
|
export declare function auditSensitivePaths(root?: string): Promise<SensitiveAuditResult>;
|
|
33
54
|
export declare function buildSensitiveIgnoreFiles(patterns: string[]): SensitiveIgnoreFile[];
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { lstat, readdir } from "node:fs/promises";
|
|
1
|
+
import { lstat, readFile, readdir } from "node:fs/promises";
|
|
2
2
|
import path from "node:path";
|
|
3
3
|
const SKIPPED_DIRS = new Set([
|
|
4
4
|
".git",
|
|
@@ -97,6 +97,7 @@ export async function auditSensitivePaths(root = process.cwd()) {
|
|
|
97
97
|
await scanDirectory(resolvedRoot, resolvedRoot, findings, stats);
|
|
98
98
|
const recommendedExcludes = uniqueSorted(findings.map((finding) => finding.suggestedExclude));
|
|
99
99
|
const criticalFindings = findings.filter((finding) => finding.severity === "critical").length;
|
|
100
|
+
const policyCoverage = await buildSensitivePolicyCoverage(resolvedRoot, recommendedExcludes);
|
|
100
101
|
return {
|
|
101
102
|
generatedAt: new Date().toISOString(),
|
|
102
103
|
root: resolvedRoot,
|
|
@@ -109,7 +110,8 @@ export async function auditSensitivePaths(root = process.cwd()) {
|
|
|
109
110
|
},
|
|
110
111
|
findings: findings.sort((a, b) => a.path.localeCompare(b.path)),
|
|
111
112
|
recommendedExcludes,
|
|
112
|
-
ignoreFiles: buildSensitiveIgnoreFiles(recommendedExcludes)
|
|
113
|
+
ignoreFiles: buildSensitiveIgnoreFiles(recommendedExcludes),
|
|
114
|
+
policyCoverage
|
|
113
115
|
};
|
|
114
116
|
}
|
|
115
117
|
export function buildSensitiveIgnoreFiles(patterns) {
|
|
@@ -184,9 +186,80 @@ export function renderSensitiveAuditMarkdown(result) {
|
|
|
184
186
|
lines.push(`- \`${candidate.filename}\` via \`--format ignore --ignore-target ${candidate.target}\``);
|
|
185
187
|
}
|
|
186
188
|
lines.push("");
|
|
189
|
+
lines.push("## Project Policy Coverage", "");
|
|
190
|
+
lines.push(`Checked files: ${result.policyCoverage.summary.checkedFiles}`, `Existing files: ${result.policyCoverage.summary.existingFiles}`, `Covered recommended patterns: ${result.policyCoverage.summary.coveredPatterns}`, `Missing recommended patterns: ${result.policyCoverage.summary.missingPatterns}`, "");
|
|
191
|
+
for (const file of result.policyCoverage.files) {
|
|
192
|
+
lines.push(`- \`${file.filename}\`: ${file.exists ? "present" : "missing"}; covers ${file.coveredPatterns.length}/${result.policyCoverage.summary.recommendedPatterns} recommended pattern(s).`, ` - ${file.note}`);
|
|
193
|
+
if (file.missingPatterns.length > 0) {
|
|
194
|
+
lines.push(` - Missing: \`${file.missingPatterns.join("`, `")}\``);
|
|
195
|
+
}
|
|
196
|
+
}
|
|
197
|
+
lines.push("");
|
|
198
|
+
if (result.policyCoverage.notes.length > 0) {
|
|
199
|
+
lines.push("Policy notes:", "");
|
|
200
|
+
for (const note of result.policyCoverage.notes) {
|
|
201
|
+
lines.push(`- ${note}`);
|
|
202
|
+
}
|
|
203
|
+
lines.push("");
|
|
204
|
+
}
|
|
187
205
|
lines.push("Suggested next step:", "", "- Add these patterns to the exclusion mechanism your agent surface supports, and keep OS sandbox or permission profiles enabled for hard enforcement.", "- Treat this report as a preflight checklist; it is not a replacement for a sandbox boundary.", "");
|
|
188
206
|
return lines.join("\n");
|
|
189
207
|
}
|
|
208
|
+
async function buildSensitivePolicyCoverage(root, recommendedExcludes) {
|
|
209
|
+
const recommendedPatterns = uniqueSorted(recommendedExcludes);
|
|
210
|
+
const files = await Promise.all(SENSITIVE_IGNORE_FILES.map(async ({ target, filename }) => {
|
|
211
|
+
const absolutePath = path.join(root, filename);
|
|
212
|
+
let contents;
|
|
213
|
+
try {
|
|
214
|
+
contents = await readFile(absolutePath, "utf8");
|
|
215
|
+
}
|
|
216
|
+
catch {
|
|
217
|
+
contents = undefined;
|
|
218
|
+
}
|
|
219
|
+
const existingPatterns = contents === undefined ? [] : parseIgnorePatterns(contents);
|
|
220
|
+
const coveredPatterns = recommendedPatterns.filter((pattern) => existingPatterns.includes(pattern));
|
|
221
|
+
const missingPatterns = recommendedPatterns.filter((pattern) => !existingPatterns.includes(pattern));
|
|
222
|
+
return {
|
|
223
|
+
target,
|
|
224
|
+
filename,
|
|
225
|
+
path: filename,
|
|
226
|
+
exists: contents !== undefined,
|
|
227
|
+
coveredPatterns,
|
|
228
|
+
missingPatterns,
|
|
229
|
+
note: policyCoverageNote(target, contents !== undefined)
|
|
230
|
+
};
|
|
231
|
+
}));
|
|
232
|
+
const coveredPatterns = new Set(files.flatMap((file) => file.coveredPatterns));
|
|
233
|
+
const missingPatterns = recommendedPatterns.filter((pattern) => !coveredPatterns.has(pattern));
|
|
234
|
+
return {
|
|
235
|
+
summary: {
|
|
236
|
+
checkedFiles: files.length,
|
|
237
|
+
existingFiles: files.filter((file) => file.exists).length,
|
|
238
|
+
recommendedPatterns: recommendedPatterns.length,
|
|
239
|
+
coveredPatterns: coveredPatterns.size,
|
|
240
|
+
missingPatterns: missingPatterns.length
|
|
241
|
+
},
|
|
242
|
+
files,
|
|
243
|
+
notes: [
|
|
244
|
+
"Coverage is based on exact pattern lines in project-level ignore files; it does not read sensitive file contents.",
|
|
245
|
+
"A .gitignore match is useful for repository hygiene but is not proof that an AI agent or Codex runtime enforces a read boundary.",
|
|
246
|
+
"Use OS sandboxing or agent-native deny rules for hard enforcement when available."
|
|
247
|
+
]
|
|
248
|
+
};
|
|
249
|
+
}
|
|
250
|
+
function parseIgnorePatterns(contents) {
|
|
251
|
+
return uniqueSorted(contents
|
|
252
|
+
.split(/\r?\n/)
|
|
253
|
+
.map((line) => line.trim())
|
|
254
|
+
.filter((line) => line.length > 0 && !line.startsWith("#")));
|
|
255
|
+
}
|
|
256
|
+
function policyCoverageNote(target, exists) {
|
|
257
|
+
const prefix = exists ? "Project file exists." : "Project file is missing.";
|
|
258
|
+
if (target === "gitignore") {
|
|
259
|
+
return `${prefix} Git ignore coverage is not a deterministic Codex read-deny boundary.`;
|
|
260
|
+
}
|
|
261
|
+
return `${prefix} Use this as a reviewable project policy candidate for agent-sensitive path exclusion.`;
|
|
262
|
+
}
|
|
190
263
|
async function scanDirectory(root, dir, findings, stats) {
|
|
191
264
|
let entries;
|
|
192
265
|
try {
|
|
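Review bot: In `buildSensitivePolicyCoverage`, the summary folds `.gitignore` matches into the covered set (`new Set(files.flatMap((file) => file.coveredPatterns))`), so `summary.missingPatterns` can read 0 when only `.gitignore` lists the patterns, even though the function's own notes say a `.gitignore` match is not proof of an agent read boundary. Consider building the summary from the agent-facing targets only, e.g. `files.filter((file) => file.target !== "gitignore").flatMap((file) => file.coveredPatterns)`, or reporting the `.gitignore` count as a separate field. Two smaller gaps in the same function: the bare `catch` maps every read failure to `exists: false`, so a policy file that exists but cannot be read is reported as "Project file is missing.", and the exact-line match still counts a recommended pattern as covered when the same file also negates it with a `!` line. This file is compiled output, so the change belongs in `src/sensitiveAudit.ts`, which the source map names as the source.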
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sensitiveAudit.js","sourceRoot":"","sources":["../../src/sensitiveAudit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,IAAI,MAAM,WAAW,CAAC;AAyD7B,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,MAAM;IACN,cAAc;IACd,MAAM;IACN,OAAO;IACP,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,aAAa;CACd,CAAC,CAAC;AAEH,MAAM,kBAAkB,GAAuB;IAC7C;QACE,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,uFAAuF;QAC/F,gBAAgB,EAAE,UAAU;QAC5B,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,QAAQ,KAAK,MAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;KAC1F;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,iFAAiF;QACzF,gBAAgB,EAAE,WAAW;QAC7B,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,SAAS;KACtF;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,6FAA6F;QACrG,gBAAgB,EAAE,YAAY;QAC9B,OAAO,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;KACvE;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,iEAAiE;QACzE,gBAAgB,EAAE,YAAY;QAC9B,OAAO,EAAE,CAAC,YAAY,EAAE,QAAQ,EAAE,EAAE,CAClC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC3C,8CAA8C,CAAC,IAAI,CAAC,QAAQ,CAAC;KAChE;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,sEAAsE;QAC9E,gBAAgB,EAAE,aAAa;QAC/B,OAAO,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;KACxE;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,iEAAiE;QACzE,gBAAgB,EAAE,eAAe;QACjC,OAAO,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;KAC1E;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,wEAAwE;QAChF,gBAAgB,EAAE,oBAAoB;QACtC,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC;KACzE;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,yFAAyF;QACjG,gBAAgB,EAAE,yCAAyC;QAC3D,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,wCAAwC,CAAC,IAAI,CAAC,QAAQ,CAAC;KAC9F;IACD;QACE,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,4FAA4F;QACpG,gBAAgB,EAAE,0BAA
0B;QAC5C,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC;KAC/E;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,mGAAmG;QAC3G,gBAAgB,EAAE,aAAa;QAC/B,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CACnC,4DAA4D,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC3E,sCAAsC,CAAC,IAAI,CAAC,QAAQ,CAAC;KACxD;CACF,CAAC;AAEF,MAAM,sBAAsB,GAA+D;IACzF,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE;IACnD,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE;IACnD,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE;IAC/C,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE;CAChD,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,IAAI,GAAG,OAAO,CAAC,GAAG,EAAE;IAC5D,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACxC,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,MAAM,KAAK,GAAG,EAAE,cAAc,EAAE,CAAC,EAAE,CAAC;IAEpC,MAAM,aAAa,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IAEjE,MAAM,mBAAmB,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC9F,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAE9F,OAAO;QACL,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,gBAAgB,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;QAC7E,OAAO,EAAE;YACP,cAAc,EAAE,KAAK,CAAC,cAAc;YACpC,iBAAiB,EAAE,QAAQ,CAAC,MAAM;YAClC,gBAAgB;YAChB,mBAAmB,EAAE,mBAAmB,CAAC,MAAM;SAChD;QACD,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC/D,mBAAmB;QACnB,WAAW,EAAE,yBAAyB,CAAC,mBAAmB,CAAC;KAC5D,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,QAAkB;IAC1D,MAAM,cAAc,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC9C,OAAO,sBAAsB,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QAC3D,MAAM;QACN,QAAQ;QACR,MAAM,EAAE;YACN,8CAA8C;YAC9C,8CAA8C;YAC9C,4FAA4F;YAC5F,WAAW,QAAQ,EAAE;SACtB;QACD,QAAQ,EAAE,cAAc;KACzB,CAAC,CAAC,CAAC;AACN,CAAC;AAED,MAAM,UAAU,8BAA8B,CAAC,MAAc;IAC3D,IAAI,MAAM,KAAK,aAAa,IAAI,MAAM,KAAK,aAAa,IAAI,MAAM
,KAAK,WAAW,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;QAC7G,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,gFAAgF,CAAC,CAAC;AACpG,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,MAA4B,EAC5B,SAAgC,aAAa;IAE7C,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IAC5E,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,oCAAoC,MAAM,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;IAC1D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,sDAAsD,EAAE,EAAE,CAAC,CAAC;IACzE,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,MAA4B;IACvE,MAAM,KAAK,GAAG;QACZ,uCAAuC;QACvC,EAAE;QACF,aAAa,MAAM,CAAC,MAAM,IAAI;QAC9B,EAAE;QACF,WAAW,MAAM,CAAC,IAAI,IAAI;QAC1B,oBAAoB,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE;QACnD,uBAAuB,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE;QACzD,sBAAsB,MAAM,CAAC,OAAO,CAAC,gBAAgB,EAAE;QACvD,EAAE;QACF,8FAA8F;QAC9F,EAAE;QACF,aAAa;QACb,EAAE;KACH,CAAC;IAEF,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,sCAAsC,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,KAAK,CAAC,IAAI,CACR,OAAO,OAAO,CAAC,QAAQ,MAAM,OAAO,CAAC,IAAI,OAAO,OAAO,CAAC,IAAI,IAAI,EAChE,OAAO,OAAO,CAAC,MAAM,EAAE,EACvB,4BAA4B,OAAO,CAAC,gBAAgB,IAAI,CACzD,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC,CAAC;IAC1C,IAAI,MAAM,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,KAAK,CAAC,IAAI,CAAC,gCAAgC,EAAE,EAAE,CAAC,CAAC;IACnD,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,MAAM,CAAC,mBAAmB,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,2BAA2B,EAAE,EAAE,CAAC,CAAC;IAC5C,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,OAAO,SAAS,CAAC,QAAQ,4CAA4C,SAAS,CAAC,MAAM,IAAI,CAAC,
CAAC;IACxG,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CACR,sBAAsB,EACtB,EAAE,EACF,uJAAuJ,EACvJ,+FAA+F,EAC/F,EAAE,CACH,CAAC;IAEF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,IAAY,EACZ,GAAW,EACX,QAAiC,EACjC,KAAiC;IAEjC,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACxD,SAAS;QACX,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC;QAC1E,KAAK,CAAC,cAAc,IAAI,CAAC,CAAC;QAE1B,IAAI,UAAU,CAAC;QACf,IAAI,CAAC;YACH,UAAU,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,mBAAmB,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9D,IAAI,OAAO,EAAE,CAAC;YACZ,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,UAAU,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ;gBACrE,IAAI,EAAE,UAAU,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI;gBACtE,IAAI,EAAE,YAAY;gBAClB,MAAM,EAAE,UAAU,CAAC,cAAc,EAAE;oBACjC,CAAC,CAAC,0CAA0C,OAAO,CAAC,IAAI,mDAAmD;oBAC3G,CAAC,CAAC,OAAO,CAAC,MAAM;gBAClB,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;aAC3C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;YACxC,SAAS;QACX,CAAC;QAED,IAAI,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;YAC7B,MAAM,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,YAAoB,EAAE,QAAgB;IACjE,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC;AACvF,CAAC;AAED,SAAS,YAAY,CAAC,YAAoB;IACxC,OAAO,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,iBAAiB,CAAC,YAAoB;IAC7C,OAAO,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,YAAY,CAAC,MAAgB;IACpC,OAAO,CAAC,GAAG,IA
AI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,CAAC"}
|
|
1
|
+
{"version":3,"file":"sensitiveAudit.js","sourceRoot":"","sources":["../../src/sensitiveAudit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC5D,OAAO,IAAI,MAAM,WAAW,CAAC;AAgF7B,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IAC3B,MAAM;IACN,cAAc;IACd,MAAM;IACN,OAAO;IACP,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,aAAa;CACd,CAAC,CAAC;AAEH,MAAM,kBAAkB,GAAuB;IAC7C;QACE,IAAI,EAAE,UAAU;QAChB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,uFAAuF;QAC/F,gBAAgB,EAAE,UAAU;QAC5B,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,QAAQ,KAAK,MAAM,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;KAC1F;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,iFAAiF;QACzF,gBAAgB,EAAE,WAAW;QAC7B,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,SAAS;KACtF;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,6FAA6F;QACrG,gBAAgB,EAAE,YAAY;QAC9B,OAAO,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;KACvE;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,iEAAiE;QACzE,gBAAgB,EAAE,YAAY;QAC9B,OAAO,EAAE,CAAC,YAAY,EAAE,QAAQ,EAAE,EAAE,CAClC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC3C,8CAA8C,CAAC,IAAI,CAAC,QAAQ,CAAC;KAChE;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,sEAAsE;QAC9E,gBAAgB,EAAE,aAAa;QAC/B,OAAO,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;KACxE;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,iEAAiE;QACzE,gBAAgB,EAAE,eAAe;QACjC,OAAO,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;KAC1E;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,wEAAwE;QAChF,gBAAgB,EAAE,oBAAoB;QACtC,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC;KACzE;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,yFAAyF;QACjG,gBAAgB,EAAE,yCAAyC;QAC3D,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,wCAAwC,CAAC,IAAI,CAAC,QAAQ,CAAC;KAC9F;IACD;QACE,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,4FAA4F;QACpG,gBAAgB
,EAAE,0BAA0B;QAC5C,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CAAC,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC;KAC/E;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,mGAAmG;QAC3G,gBAAgB,EAAE,aAAa;QAC/B,OAAO,EAAE,CAAC,aAAa,EAAE,QAAQ,EAAE,EAAE,CACnC,4DAA4D,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC3E,sCAAsC,CAAC,IAAI,CAAC,QAAQ,CAAC;KACxD;CACF,CAAC;AAEF,MAAM,sBAAsB,GAA+D;IACzF,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE;IACnD,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE;IACnD,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE;IAC/C,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE;CAChD,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,IAAI,GAAG,OAAO,CAAC,GAAG,EAAE;IAC5D,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACxC,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,MAAM,KAAK,GAAG,EAAE,cAAc,EAAE,CAAC,EAAE,CAAC;IAEpC,MAAM,aAAa,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IAEjE,MAAM,mBAAmB,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC9F,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAE9F,MAAM,cAAc,GAAG,MAAM,4BAA4B,CAAC,YAAY,EAAE,mBAAmB,CAAC,CAAC;IAE7F,OAAO;QACL,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,gBAAgB,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;QAC7E,OAAO,EAAE;YACP,cAAc,EAAE,KAAK,CAAC,cAAc;YACpC,iBAAiB,EAAE,QAAQ,CAAC,MAAM;YAClC,gBAAgB;YAChB,mBAAmB,EAAE,mBAAmB,CAAC,MAAM;SAChD;QACD,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC/D,mBAAmB;QACnB,WAAW,EAAE,yBAAyB,CAAC,mBAAmB,CAAC;QAC3D,cAAc;KACf,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,QAAkB;IAC1D,MAAM,cAAc,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAC9C,OAAO,sBAAsB,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QAC3D,MAAM;QACN,QAAQ;QACR,MAAM,EAAE;YACN,8CAA8C;YAC9C,8CAA8C;YAC9C,4FAA4F;YAC5F,WAAW,QAAQ,EAAE;SACtB;QACD,QAAQ,EAAE,cAAc;KACzB,CAAC,CAAC,CAAC;AACN,CAAC;AA
ED,MAAM,UAAU,8BAA8B,CAAC,MAAc;IAC3D,IAAI,MAAM,KAAK,aAAa,IAAI,MAAM,KAAK,aAAa,IAAI,MAAM,KAAK,WAAW,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;QAC7G,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,gFAAgF,CAAC,CAAC;AACpG,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,MAA4B,EAC5B,SAAgC,aAAa;IAE7C,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IAC5E,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,oCAAoC,MAAM,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;IAC1D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,sDAAsD,EAAE,EAAE,CAAC,CAAC;IACzE,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,MAA4B;IACvE,MAAM,KAAK,GAAG;QACZ,uCAAuC;QACvC,EAAE;QACF,aAAa,MAAM,CAAC,MAAM,IAAI;QAC9B,EAAE;QACF,WAAW,MAAM,CAAC,IAAI,IAAI;QAC1B,oBAAoB,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE;QACnD,uBAAuB,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE;QACzD,sBAAsB,MAAM,CAAC,OAAO,CAAC,gBAAgB,EAAE;QACvD,EAAE;QACF,8FAA8F;QAC9F,EAAE;QACF,aAAa;QACb,EAAE;KACH,CAAC;IAEF,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,sCAAsC,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,KAAK,CAAC,IAAI,CACR,OAAO,OAAO,CAAC,QAAQ,MAAM,OAAO,CAAC,IAAI,OAAO,OAAO,CAAC,IAAI,IAAI,EAChE,OAAO,OAAO,CAAC,MAAM,EAAE,EACvB,4BAA4B,OAAO,CAAC,gBAAgB,IAAI,CACzD,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC,CAAC;IAC1C,IAAI,MAAM,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,KAAK,CAAC,IAAI,CAAC,gCAAgC,EAAE,EAAE,CAAC,CAAC;IACnD,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,MAAM,CAAC,mBAAmB,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,2BAA2B,EAAE,EAAE,CAAC,CAAC;IAC5C,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,WAAW,EAA
E,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,OAAO,SAAS,CAAC,QAAQ,4CAA4C,SAAS,CAAC,MAAM,IAAI,CAAC,CAAC;IACxG,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,4BAA4B,EAAE,EAAE,CAAC,CAAC;IAC7C,KAAK,CAAC,IAAI,CACR,kBAAkB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,YAAY,EAAE,EAC9D,mBAAmB,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,aAAa,EAAE,EAChE,iCAAiC,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,eAAe,EAAE,EAChF,iCAAiC,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,eAAe,EAAE,EAChF,EAAE,CACH,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;QAC/C,KAAK,CAAC,IAAI,CACR,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,YAAY,IAAI,CAAC,eAAe,CAAC,MAAM,IAAI,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,mBAAmB,0BAA0B,EACpL,OAAO,IAAI,CAAC,IAAI,EAAE,CACnB,CAAC;QACF,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,KAAK,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,IAAI,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;QAChC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,cAAc,CAAC,KAAK,EAAE,CAAC;YAC/C,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QAC1B,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CACR,sBAAsB,EACtB,EAAE,EACF,uJAAuJ,EACvJ,+FAA+F,EAC/F,EAAE,CACH,CAAC;IAEF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,KAAK,UAAU,4BAA4B,CAAC,IAAY,EAAE,mBAA6B;IACrF,MAAM,mBAAmB,GAAG,YAAY,CAAC,mBAAmB,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAC7B,sBAAsB,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,EAAE;QACxD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC/C,IAAI,QAA4B,CAAC;QACjC,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,GAAG,SAAS,CAAC;QACvB,CAAC;QAED,MAAM,gBAAgB,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QACrF,MAAM,eAAe,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,
CAAC,CAAC;QACpG,MAAM,eAAe,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QAErG,OAAO;YACL,MAAM;YACN,QAAQ;YACR,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,QAAQ,KAAK,SAAS;YAC9B,eAAe;YACf,eAAe;YACf,IAAI,EAAE,kBAAkB,CAAC,MAAM,EAAE,QAAQ,KAAK,SAAS,CAAC;SACzD,CAAC;IACJ,CAAC,CAAC,CACH,CAAC;IAEF,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;IAC/E,MAAM,eAAe,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;IAE/F,OAAO;QACL,OAAO,EAAE;YACP,YAAY,EAAE,KAAK,CAAC,MAAM;YAC1B,aAAa,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM;YACzD,mBAAmB,EAAE,mBAAmB,CAAC,MAAM;YAC/C,eAAe,EAAE,eAAe,CAAC,IAAI;YACrC,eAAe,EAAE,eAAe,CAAC,MAAM;SACxC;QACD,KAAK;QACL,KAAK,EAAE;YACL,mHAAmH;YACnH,kIAAkI;YAClI,mFAAmF;SACpF;KACF,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAgB;IAC3C,OAAO,YAAY,CACjB,QAAQ;SACL,KAAK,CAAC,OAAO,CAAC;SACd,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAC9D,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,MAA6B,EAAE,MAAe;IACxE,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,0BAA0B,CAAC;IAC5E,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;QAC3B,OAAO,GAAG,MAAM,uEAAuE,CAAC;IAC1F,CAAC;IAED,OAAO,GAAG,MAAM,wFAAwF,CAAC;AAC3G,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,IAAY,EACZ,GAAW,EACX,QAAiC,EACjC,KAAiC;IAEjC,IAAI,OAAO,CAAC;IACZ,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACxD,SAAS;QACX,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC;QAC1E,KAAK,CAAC,cAAc,IAAI,CAAC,CAAC;QAE1B,IAAI,UAAU,CAAC;QACf,IAAI,CAAC;YACH,UA
AU,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,mBAAmB,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9D,IAAI,OAAO,EAAE,CAAC;YACZ,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,UAAU,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ;gBACrE,IAAI,EAAE,UAAU,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI;gBACtE,IAAI,EAAE,YAAY;gBAClB,MAAM,EAAE,UAAU,CAAC,cAAc,EAAE;oBACjC,CAAC,CAAC,0CAA0C,OAAO,CAAC,IAAI,mDAAmD;oBAC3G,CAAC,CAAC,OAAO,CAAC,MAAM;gBAClB,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;aAC3C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;YACxC,SAAS;QACX,CAAC;QAED,IAAI,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;YAC7B,MAAM,aAAa,CAAC,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,YAAoB,EAAE,QAAgB;IACjE,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC;AACvF,CAAC;AAED,SAAS,YAAY,CAAC,YAAoB;IACxC,OAAO,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,iBAAiB,CAAC,YAAoB;IAC7C,OAAO,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,YAAY,CAAC,MAAgB;IACpC,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;AACjE,CAAC"}
|
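--- a/package/docs/CODEX_ISSUE_MAP.md
+++ b/package/docs/CODEX_ISSUE_MAP.md
@@ -54,7 +54,7 @@ npx trace-to-skill lsp-audit . --format json
 | Bundled plugin cache and marketplace drift | Computer Use unavailable, Browser/Chrome plugin unavailable, generated runtime marketplace omits bundled plugins, missing `.mcp.json` or `plugin.json`, helper app not installed, `CODEX_HOME` points at another runtime | `codex_plugin_runtime`, `codex_mcp_runtime` | `trace-to-skill plugin-audit ~/.codex --app /Applications/Codex.app --format json` |
 | Support diagnostics packaging | maintainers ask for more detail, but raw `config.toml`, `logs_2.sqlite`, `state_5.sqlite`, `session_index.jsonl`, rollout JSONL, or local logs are too private to post | multiple | `trace-to-skill diagnostics-bundle ~/.codex --output codex-diagnostics` |
 | Quota mismatch | `/status` or usage page shows quota left, but runtime says `You've hit your usage limit`; account/workspace reset or cache confusion | `quota_mismatch` | `trace-to-skill usage-evidence ./usage-notes.md` or `trace-to-skill codex-report ./runs` |
-| Sensitive file exclusion | teams need deterministic `.agentignore` / `.aiexclude` / `.codexignore` candidates before agent runs, or traces show `.env`, private keys, `.npmrc`, cloud credentials, local databases, signing files, or secret manifests entering context | `sensitive_file_access` plus sensitive path metadata | `trace-to-skill sensitive-audit . --format json` for reports, `trace-to-skill sensitive-audit . --format ignore --ignore-target codexignore --output .codexignore.generated` for reviewable candidates |
+| Sensitive file exclusion | teams need deterministic `.agentignore` / `.aiexclude` / `.codexignore` candidates and project policy coverage before agent runs, or traces show `.env`, private keys, `.npmrc`, cloud credentials, local databases, signing files, or secret manifests entering context | `sensitive_file_access` plus sensitive path metadata and policy coverage | `trace-to-skill sensitive-audit . --format json` for reports, `trace-to-skill sensitive-audit . --format ignore --ignore-target codexignore --output .codexignore.generated` for reviewable candidates |
 | LSP auto-detect readiness | Codex users want language-aware navigation, diagnostics, references, rename, or install guidance before edits | language-server metadata | `trace-to-skill lsp-audit . --format json` |
 | Context compaction failures | `Error running remote compact task`, `context_length_exceeded`, compaction loops, `responses/compact` stream disconnects | `context_compaction` | `trace-to-skill analyze ./runs` |
 | Latest-turn drift | Codex answers an older prompt, repeats a previous response, redoes an already fixed task, forgets recent edits after compaction, or leaks raw tool payload text | `codex_latest_turn_drift` | `trace-to-skill codex-report ./runs` |
@@ -111,7 +111,7 @@ npx trace-to-skill lsp-audit . --format json
 - Include line-linked evidence rather than screenshots alone when logs are available.
 - Redact tokens, API keys, emails, local home paths, customer data, and hidden Unicode before posting publicly.
 - For sensitive-file reports, attach only redacted excerpts and the file path/class, not the original credential material.
-- For preflight exclusion reports, attach `sensitive-audit` output
+- For preflight exclusion reports, attach `sensitive-audit` output, recommended exclude globs, and project policy coverage for `.codexignore`, `.agentignore`, `.aiexclude`, and `.gitignore`; use `--format ignore --ignore-target codexignore` when maintainers want a reviewable `.codexignore` candidate. It does not read file contents or follow symlink targets, and `.gitignore` coverage is not treated as a hard agent read-deny boundary.
 - For LSP readiness reports, attach `lsp-audit` output so maintainers can see detected languages, evidence files, missing server commands, and install hints without auto-installing tools.
 - For token-burn reports, attach `usage-evidence` output so quota-window percentages, rapid drain experiments, local token totals, prompt-cache collapse events, cached input, and orchestration-overhead signals are not collapsed into one ambiguous symptom.
 - For usage bucket confusion, attach subscription plan, account/workspace, app/CLI version, surface, timestamp, redacted popover text or screenshot, 5h percentage, weekly percentage, reset time/date, whether values are used or remaining, whether weekly is rolling or calendar-based, whether weekly includes app/CLI/cloud/review usage, `/status`, dashboard state, and whether other devices/workspaces show the same values.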
package/docs/DISCOVERY.md
CHANGED
|
@@ -159,7 +159,7 @@ npx trace-to-skill suggest ./runs --target agents-md
|
|
|
159
159
|
|
|
160
160
|
## Related Keywords
|
|
161
161
|
|
|
162
|
-
Codex, OpenAI Codex, Codex issue report, OpenAI triage, Codex LSP, Codex language server, lsp-audit, language-server readiness, typescript-language-server, pyright-langserver, gopls, rust-analyzer, sourcekit-lsp, clangd, Codex diagnostics bundle, privacy-preserving support bundle, workspace checkpoint, pre-agent checkpoint, Codex undo, Codex rewind, untracked file restore, sensitive path audit, sensitive-audit, agentignore, .agentignore, agentignore generator, codexignore, .codexignore, codexignore generator, aiexclude, .aiexclude, .gitignore candidates, exclude sensitive files, Codex plugin audit, Computer Use unavailable, Codex Browser plugin unavailable, bundled marketplace mismatch, generated runtime marketplace, plugin manifest missing, CODEX_HOME mismatch, Codex CLI, Codex sandbox, Windows sandbox, Codex config audit, Codex config.toml, Codex global state, .codex-global-state.json, Codex Speed reset, Codex Fast resets to Standard, service_tier fast, default-service-tier priority, has-user-changed-service-tier, Codex Preferences unable to save, configVersionConflict, default_permissions missing profile, Codex Windows helper path, Codex WindowsApps, Codex rg Access Denied, Codex ripgrep, CodexSandboxUsers, LocalCache Local OpenAI Codex bin, node_repl spawn setup refresh, Codex approval friction, Approve for this session, Allow for this session, approval_policy never, MCP approval prompts, default_tools_approval_mode, Playwright MCP approvals, Chrome DevTools MCP approvals, Codex auth, token_exchange_failed, Codex connectivity, stream disconnected, Codex connector auth cache, Codex Apps stale link, codex_apps_tools, codex_app_directory, Reauthentication required, refresh token revoked, isAccessible false, link_ connector, Codex deeplink, Codex OAuth callback, codex://oauth_callback, Unable to find Electron app, Error launching app, type=click&tag, AppUserModelID, DelegateExecute, codex app path, Codex remote compact, responses/compact, /compact timeout, 
tcp_user_timeout, stream_idle_timeout_ms, Codex context fork, Codex conversation fork, context fork bloat, codex context fork bloat, forked conversation duplicate context, prompt_cache_key lineage, prompt cache lineage, cached_input_tokens fork, cache hit rate fork, fork_context child context, Codex subagent prompt leakage, Codex subagent prompt leak, subagent prompt boundary, MultiAgentV2, spawn_agent fork_turns none, assistant commentary prompt envelope, sibling prompt leakage, parallel child prompt contamination, wait_agent wrong task, close_agent wrong task, Codex usage bucket, Codex usage popover, Usage remaining, 5h weekly usage, weekly pool, usage percentage confusion, percent remaining, percent used, rolling 7-day usage, calendar week usage, account-wide Codex usage, Codex remote control, Codex mobile, Waiting for desktop, Directory Unavailable, stale listener, Codex terminal output, Codex scrollback, Codex terminal history, terminal output integrity, missing_count, missing_examples, tmux_scrollback_repro.sh, line_truncation_repro.md, Windows Terminal scrollback, transcript mode, Codex subagent lifecycle, Codex subagent audit, stale subagents, close_agent, wait_agent, spawn_agent, thread_spawn_edges, agent thread limit reached, agents.max_threads, list_agents, /agents, subagent child threads, fork_context, unbiased review, subagent recent conversations, Codex MCP runtime, MCP unsupported call, mcp__node_repl__js, MCP namespace serverName, MCP Transport closed, StdioServerTransport, Codex Streamable HTTP MCP, streamable-http MCP, HTTP/SSE MCP, MCP SSE, Content-Type text/event-stream, JsonRpcMessage deserialize, MCP handshake initialize, stale MCP session id, MCP reconnect, Penpot MCP, n8n MCP, DingTalk MCP, Codex hooks runtime, hooks.json, codex_hooks, features.hooks, PreToolUse, PostToolUse, SessionStart hook, duplicate hooks, Hook N, Hooks settings, command_execution hooks, Code Mode exec hooks, Codex plugin runtime, Computer Use native pipe path 
unavailable, SKY_CUA_NATIVE_PIPE_DIRECTORY, Plugin loading failed, plugin/list unknown variant vertical, Codex Browser plugin, Codex Computer Use, Codex Chrome plugin, stale plugin cache, codex plugin add, Codex file tree, Toggle File Tree, missing folder icon, floating file panel stale, file preview fails, workspace navigation, Codex project history disappeared, Codex project threads hidden, Codex session index repair, unindexed rollout thread, codex resume thread id, Codex latest-turn drift, Codex replies to earlier messages, stale prompt response, ignoring latest message, previous prompt, auto compaction forgets edits, raw tool payload leak, write_stdin session_id, Codex latency regression, GPT-5.5 Fast slow, Codex too slow, thinking stalls, Codex thinking hang, Codex stuck thinking, Codex Working stuck, no streamed follow-up, first response_item delayed, responses_http time.idle, model_client.stream_responses_api, turn/start, task_started, Codex Copy as Markdown missing, Codex Pasted text.txt, Codex long pasted prompt attachment, Codex clipboard export, Codex paste as text, Codex generated attachment preview edit, Codex goal ignores attachment, pasted-text-attachments.json, fileAttachments promptRaw composer.getText, pre-first-token latency, search/read latency, runtime scheduling latency, Codex resume, Codex session audit, Codex history audit, Codex history map, Codex session index, session_index.jsonl, Codex session state, rollout JSONL, logs_2.sqlite, codex-tui.log, sandbox.log, thread_goals, state_5.sqlite, goals_1.sqlite, archived chats, Codex token burn, Codex usage evidence, Codex rate-limit evidence, Codex usage drain, prompt cache collapse, prompt_cache_key, cached_input_tokens, cached_tokens, low cache hit rate, websocket reconnect cache drop, Codex usage reset, Codex weekly reset drift, reset_at changed, deterministic reset, rate limit reset, write_stdin polling, cached input tokens, compaction tax, background process polling, Codex process audit, 
PowerShell polling, powershell.exe Get-CimInstance Win32_Process, Win32_PerfFormattedData_PerfProc_Process, chat_processes.json stale entries, Codex resource leak, Codex performance, high CPU, high GPU, shell-snapshot, Code Helper Renderer, Codex tool-call integrity, apply_patch, apply_patch Add File overwrite, patch guard, guard-patch, Add File symlink, tool_call_id, failed revert changes, patch safety, Codex quota, usage limit, rate limits, sensitive files, Codex privacy, .env, private keys, credential files, AGENTS.md, SKILL.md, Claude Code, Cursor, Copilot coding agent, Gemini CLI, MCP, Model Context Protocol, prompt injection, agent evals, AI code review, open-source maintainers, trace redaction, SARIF, GitHub Actions.
|
|
162
|
+
Codex, OpenAI Codex, Codex issue report, OpenAI triage, Codex LSP, Codex language server, lsp-audit, language-server readiness, typescript-language-server, pyright-langserver, gopls, rust-analyzer, sourcekit-lsp, clangd, Codex diagnostics bundle, privacy-preserving support bundle, workspace checkpoint, pre-agent checkpoint, Codex undo, Codex rewind, untracked file restore, sensitive path audit, sensitive-audit, agentignore, .agentignore, agentignore generator, codexignore, .codexignore, codexignore generator, codexignore audit, ignore policy, policy coverage, aiexclude, .aiexclude, .gitignore candidates, exclude sensitive files, Codex plugin audit, Computer Use unavailable, Codex Browser plugin unavailable, bundled marketplace mismatch, generated runtime marketplace, plugin manifest missing, CODEX_HOME mismatch, Codex CLI, Codex sandbox, Windows sandbox, Codex config audit, Codex config.toml, Codex global state, .codex-global-state.json, Codex Speed reset, Codex Fast resets to Standard, service_tier fast, default-service-tier priority, has-user-changed-service-tier, Codex Preferences unable to save, configVersionConflict, default_permissions missing profile, Codex Windows helper path, Codex WindowsApps, Codex rg Access Denied, Codex ripgrep, CodexSandboxUsers, LocalCache Local OpenAI Codex bin, node_repl spawn setup refresh, Codex approval friction, Approve for this session, Allow for this session, approval_policy never, MCP approval prompts, default_tools_approval_mode, Playwright MCP approvals, Chrome DevTools MCP approvals, Codex auth, token_exchange_failed, Codex connectivity, stream disconnected, Codex connector auth cache, Codex Apps stale link, codex_apps_tools, codex_app_directory, Reauthentication required, refresh token revoked, isAccessible false, link_ connector, Codex deeplink, Codex OAuth callback, codex://oauth_callback, Unable to find Electron app, Error launching app, type=click&tag, AppUserModelID, DelegateExecute, codex app path, Codex remote 
compact, responses/compact, /compact timeout, tcp_user_timeout, stream_idle_timeout_ms, Codex context fork, Codex conversation fork, context fork bloat, codex context fork bloat, forked conversation duplicate context, prompt_cache_key lineage, prompt cache lineage, cached_input_tokens fork, cache hit rate fork, fork_context child context, Codex subagent prompt leakage, Codex subagent prompt leak, subagent prompt boundary, MultiAgentV2, spawn_agent fork_turns none, assistant commentary prompt envelope, sibling prompt leakage, parallel child prompt contamination, wait_agent wrong task, close_agent wrong task, Codex usage bucket, Codex usage popover, Usage remaining, 5h weekly usage, weekly pool, usage percentage confusion, percent remaining, percent used, rolling 7-day usage, calendar week usage, account-wide Codex usage, Codex remote control, Codex mobile, Waiting for desktop, Directory Unavailable, stale listener, Codex terminal output, Codex scrollback, Codex terminal history, terminal output integrity, missing_count, missing_examples, tmux_scrollback_repro.sh, line_truncation_repro.md, Windows Terminal scrollback, transcript mode, Codex subagent lifecycle, Codex subagent audit, stale subagents, close_agent, wait_agent, spawn_agent, thread_spawn_edges, agent thread limit reached, agents.max_threads, list_agents, /agents, subagent child threads, fork_context, unbiased review, subagent recent conversations, Codex MCP runtime, MCP unsupported call, mcp__node_repl__js, MCP namespace serverName, MCP Transport closed, StdioServerTransport, Codex Streamable HTTP MCP, streamable-http MCP, HTTP/SSE MCP, MCP SSE, Content-Type text/event-stream, JsonRpcMessage deserialize, MCP handshake initialize, stale MCP session id, MCP reconnect, Penpot MCP, n8n MCP, DingTalk MCP, Codex hooks runtime, hooks.json, codex_hooks, features.hooks, PreToolUse, PostToolUse, SessionStart hook, duplicate hooks, Hook N, Hooks settings, command_execution hooks, Code Mode exec hooks, Codex plugin 
runtime, Computer Use native pipe path unavailable, SKY_CUA_NATIVE_PIPE_DIRECTORY, Plugin loading failed, plugin/list unknown variant vertical, Codex Browser plugin, Codex Computer Use, Codex Chrome plugin, stale plugin cache, codex plugin add, Codex file tree, Toggle File Tree, missing folder icon, floating file panel stale, file preview fails, workspace navigation, Codex project history disappeared, Codex project threads hidden, Codex session index repair, unindexed rollout thread, codex resume thread id, Codex latest-turn drift, Codex replies to earlier messages, stale prompt response, ignoring latest message, previous prompt, auto compaction forgets edits, raw tool payload leak, write_stdin session_id, Codex latency regression, GPT-5.5 Fast slow, Codex too slow, thinking stalls, Codex thinking hang, Codex stuck thinking, Codex Working stuck, no streamed follow-up, first response_item delayed, responses_http time.idle, model_client.stream_responses_api, turn/start, task_started, Codex Copy as Markdown missing, Codex Pasted text.txt, Codex long pasted prompt attachment, Codex clipboard export, Codex paste as text, Codex generated attachment preview edit, Codex goal ignores attachment, pasted-text-attachments.json, fileAttachments promptRaw composer.getText, pre-first-token latency, search/read latency, runtime scheduling latency, Codex resume, Codex session audit, Codex history audit, Codex history map, Codex session index, session_index.jsonl, Codex session state, rollout JSONL, logs_2.sqlite, codex-tui.log, sandbox.log, thread_goals, state_5.sqlite, goals_1.sqlite, archived chats, Codex token burn, Codex usage evidence, Codex rate-limit evidence, Codex usage drain, prompt cache collapse, prompt_cache_key, cached_input_tokens, cached_tokens, low cache hit rate, websocket reconnect cache drop, Codex usage reset, Codex weekly reset drift, reset_at changed, deterministic reset, rate limit reset, write_stdin polling, cached input tokens, compaction tax, background 
process polling, Codex process audit, PowerShell polling, powershell.exe Get-CimInstance Win32_Process, Win32_PerfFormattedData_PerfProc_Process, chat_processes.json stale entries, Codex resource leak, Codex performance, high CPU, high GPU, shell-snapshot, Code Helper Renderer, Codex tool-call integrity, apply_patch, apply_patch Add File overwrite, patch guard, guard-patch, Add File symlink, tool_call_id, failed revert changes, patch safety, Codex quota, usage limit, rate limits, sensitive files, Codex privacy, .env, private keys, credential files, AGENTS.md, SKILL.md, Claude Code, Cursor, Copilot coding agent, Gemini CLI, MCP, Model Context Protocol, prompt injection, agent evals, AI code review, open-source maintainers, trace redaction, SARIF, GitHub Actions.
|
|
163
163
|
|
|
164
164
|
## Non-Goals
|
|
165
165
|
|
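--- a/package/docs/OPENAI_OSS_BRIEF.md
+++ b/package/docs/OPENAI_OSS_BRIEF.md
@@ -3,18 +3,18 @@
 | Field | Value |
 | --- | --- |
 | Repository | https://github.com/grnbtqdbyx-create/trace-to-skill |
-| Package | trace-to-skill@0.1.
+| Package | trace-to-skill@0.1.102 |
 | License | Apache-2.0 |
 | Codex readiness | ready (100/100) |
 | Benchmark | pass, 46 cases |
 
 ## Why This Repository Qualifies
 
-trace-to-skill helps open-source maintainers adopt Codex safely by turning failed coding-agent runs into evidence-backed rules, reusable workflows, CI gates, and a weekly Codex Issue Radar for live GitHub issue demand. It supports real maintenance work: PR review, issue triage, release quality, MCP risk, prompt-injection defense, privacy-preserving trace sharing, and repeat failure reduction. The repository is ready, scores 100/100 on the local Codex readiness doctor, and ships a deterministic benchmark with 46 public fixture cases.
+trace-to-skill helps open-source maintainers adopt Codex safely by turning failed coding-agent runs into evidence-backed rules, reusable workflows, CI gates, and a weekly Codex Issue Radar for live GitHub issue demand. It supports real maintenance work: PR review, issue triage, release quality, MCP risk, prompt-injection defense, privacy-preserving trace sharing, sensitive-file policy coverage, and repeat failure reduction. The repository is ready, scores 100/100 on the local Codex readiness doctor, and ships a deterministic benchmark with 46 public fixture cases.
 
 ### 500-Character Version
 
-> trace-to-skill helps open-source maintainers adopt Codex safely by turning failed coding-agent runs into evidence-backed rules, reusable workflows, CI gates, and a weekly Codex Issue Radar for live GitHub issue demand. It supports real maintenance work: PR review, issue triage, release quality, MCP risk, prompt-injection defense, privacy-preserving trace sharing, and repeat failure reduction. The repository is ready
+> trace-to-skill helps open-source maintainers adopt Codex safely by turning failed coding-agent runs into evidence-backed rules, reusable workflows, CI gates, and a weekly Codex Issue Radar for live GitHub issue demand. It supports real maintenance work: PR review, issue triage, release quality, MCP risk, prompt-injection defense, privacy-preserving trace sharing, sensitive-file policy coverage, and repeat failure reduction. The repository is ready...
 
 ## How API Credits Would Be Used
 
@@ -27,12 +27,13 @@ API credits would power optional maintainer workflows on top of the local determ
 ## Evidence
 
 - Public repository: https://github.com/grnbtqdbyx-create/trace-to-skill
-- One-command package: npx trace-to-skill@0.1.
+- One-command package: npx trace-to-skill@0.1.102
 - Open-source license: Apache-2.0
 - Codex readiness doctor: ready, 100/100, 0 failed checks.
 - Public fixture benchmark: pass, 46 cases.
 - GitHub issue demand mining: issue-map fetches or reads piped GitHub CLI issue JSON, then ranks OpenAI/Codex issues by failure class, comments, reactions, evidence gaps, and Maintainer Roadmap next artifacts.
 - Weekly Codex Issue Radar: init --issue-map-repo owner/name scaffolds a scheduled Action that fetches live GitHub issues and publishes the pain map to the job summary or a stable tracking issue comment.
+- Sensitive-file preflight: sensitive-audit reports filename/path-only findings, recommended .codexignore/.agentignore/.aiexclude candidates, and project policy coverage without reading secret contents.
 - Maintainer control: generated rules are suggestions, evidence is line-linked, and secrets can be redacted before sharing.
 
 ## Next Steps Before Submitting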
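--- a/package/docs/USE_CASES.md
+++ b/package/docs/USE_CASES.md
@@ -37,7 +37,7 @@ What it proves:
 - packaged fixtures can produce a real Codex issue report immediately
 - maintainers can inspect the output shape before sharing any private log
 - demos cover remote compact failures, context fork bloat, subagent prompt leakage, subagent orchestration/configuration demand, usage bucket confusion, Windows helper path failures, patch overwrite safety, approval friction, latency, Thinking hangs, clipboard/attachment regressions, deeplink/OAuth launch regressions, connector auth-cache regressions, MCP discovery/config-scope mismatches, Streamable HTTP MCP parse/handshake failures, hooks contract gaps, hooks runtime failures, terminal output/scrollback integrity, subagent lifecycle drift, token burn, sensitive files, and prompt injection
-- `sensitive-audit` scans filenames and paths before an agent run, without reading file contents, so teams can build `.agentignore`, `.aiexclude`, `.codexignore`, `.gitignore`, or sandbox permission profiles from a concrete repo report
+- `sensitive-audit` scans filenames and paths before an agent run, without reading file contents, so teams can build `.agentignore`, `.aiexclude`, `.codexignore`, `.gitignore`, or sandbox permission profiles from a concrete repo report and see whether existing project ignore files cover the recommended patterns
 - `lsp-audit` scans repo language signals and PATH availability so teams know which language servers are ready before asking Codex for symbol-aware edits
 
 See the generated demo output in [docs/DEMO.md](DEMO.md).
@@ -61,7 +61,7 @@ What it proves:
 Recommended CI surface:
 
 ```yaml
-- uses: grnbtqdbyx-create/trace-to-skill@v0.1.
+- uses: grnbtqdbyx-create/trace-to-skill@v0.1.102
 with:
 mode: all
 doctor-threshold: "85"
@@ -610,7 +610,7 @@ npx trace-to-skill sensitive-audit . --format ignore --ignore-target codexignore
 
 This finds sensitive-looking paths such as `.env`, `.env.*`, `.npmrc`, `.pypirc`, `.aws/**`, `.ssh/**`, `.kube/**`, `.docker/**`, private keys, certificates, local databases, mobile signing files, and secret manifests without reading file contents or following symlink targets.
 
-The output includes a stable JSON schema plus recommended exclude globs that can seed `.agentignore`, `.aiexclude`, `.codexignore`, `.gitignore`, local sandbox permission profiles, or team security review checklists. `--format ignore` renders a reviewable generated file candidate and still does not mutate the repo. It is a preflight report, not a sandbox boundary.
+The output includes a stable JSON schema plus recommended exclude globs that can seed `.agentignore`, `.aiexclude`, `.codexignore`, `.gitignore`, local sandbox permission profiles, or team security review checklists. It also reports project policy coverage: whether `.codexignore`, `.agentignore`, `.aiexclude`, or `.gitignore` already exists and which recommended patterns each file covers or misses. `--format ignore` renders a reviewable generated file candidate and still does not mutate the repo. It is a preflight report, not a sandbox boundary; `.gitignore` coverage is useful hygiene evidence but not proof of a Codex read-deny boundary.
 
 ## 33. Workspace Checkpoint Before Agent Runs
 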
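--- a/package/llms.txt
+++ b/package/llms.txt
@@ -137,7 +137,7 @@ gh issue list --repo openai/codex --state all --limit 100 --json number,title,bo
 ## GitHub Action
 
 ```yaml
-- uses: grnbtqdbyx-create/trace-to-skill@v0.1.
+- uses: grnbtqdbyx-create/trace-to-skill@v0.1.102
 with:
 mode: all
 doctor-threshold: "85"
@@ -150,7 +150,7 @@ gh issue list --repo openai/codex --state all --limit 100 --json number,title,bo
 ## Weekly Codex Issue Radar
 
 ```yaml
-- uses: grnbtqdbyx-create/trace-to-skill@v0.1.
+- uses: grnbtqdbyx-create/trace-to-skill@v0.1.102
 with:
 mode: issue-map
 issue-map-repo: openai/codex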
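--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "trace-to-skill",
-"version": "0.1.
+"version": "0.1.102",
 "description": "Turn failed AI coding-agent runs into reusable AGENTS.md rules, SKILL.md files, and eval evidence.",
 "type": "module",
 "main": "dist/src/index.js",
@@ -239,6 +239,9 @@
 "codexignore",
 "codexignore-generator",
 "agentignore-generator",
+"ignore-policy",
+"policy-coverage",
+"codexignore-audit",
 "aiexclude",
 "sensitive-audit",
 "agent-privacy",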
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
"title": "trace-to-skill sensitive path audit result",
|
|
5
5
|
"type": "object",
|
|
6
6
|
"additionalProperties": false,
|
|
7
|
-
"required": ["generatedAt", "root", "status", "summary", "findings", "recommendedExcludes", "ignoreFiles"],
|
|
7
|
+
"required": ["generatedAt", "root", "status", "summary", "findings", "recommendedExcludes", "ignoreFiles", "policyCoverage"],
|
|
8
8
|
"properties": {
|
|
9
9
|
"generatedAt": {
|
|
10
10
|
"type": "string",
|
|
@@ -37,6 +37,9 @@
|
|
|
37
37
|
"items": {
|
|
38
38
|
"$ref": "#/$defs/ignoreFile"
|
|
39
39
|
}
|
|
40
|
+
},
|
|
41
|
+
"policyCoverage": {
|
|
42
|
+
"$ref": "#/$defs/policyCoverage"
|
|
40
43
|
}
|
|
41
44
|
},
|
|
42
45
|
"$defs": {
|
|
@@ -124,6 +127,90 @@
|
|
|
124
127
|
}
|
|
125
128
|
}
|
|
126
129
|
}
|
|
130
|
+
},
|
|
131
|
+
"policyCoverage": {
|
|
132
|
+
"type": "object",
|
|
133
|
+
"additionalProperties": false,
|
|
134
|
+
"required": ["summary", "files", "notes"],
|
|
135
|
+
"properties": {
|
|
136
|
+
"summary": {
|
|
137
|
+
"$ref": "#/$defs/policyCoverageSummary"
|
|
138
|
+
},
|
|
139
|
+
"files": {
|
|
140
|
+
"type": "array",
|
|
141
|
+
"items": {
|
|
142
|
+
"$ref": "#/$defs/policyCoverageFile"
|
|
143
|
+
}
|
|
144
|
+
},
|
|
145
|
+
"notes": {
|
|
146
|
+
"type": "array",
|
|
147
|
+
"items": {
|
|
148
|
+
"type": "string"
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
},
|
|
153
|
+
"policyCoverageSummary": {
|
|
154
|
+
"type": "object",
|
|
155
|
+
"additionalProperties": false,
|
|
156
|
+
"required": ["checkedFiles", "existingFiles", "recommendedPatterns", "coveredPatterns", "missingPatterns"],
|
|
157
|
+
"properties": {
|
|
158
|
+
"checkedFiles": {
|
|
159
|
+
"type": "integer",
|
|
160
|
+
"minimum": 0
|
|
161
|
+
},
|
|
162
|
+
"existingFiles": {
|
|
163
|
+
"type": "integer",
|
|
164
|
+
"minimum": 0
|
|
165
|
+
},
|
|
166
|
+
"recommendedPatterns": {
|
|
167
|
+
"type": "integer",
|
|
168
|
+
"minimum": 0
|
|
169
|
+
},
|
|
170
|
+
"coveredPatterns": {
|
|
171
|
+
"type": "integer",
|
|
172
|
+
"minimum": 0
|
|
173
|
+
},
|
|
174
|
+
"missingPatterns": {
|
|
175
|
+
"type": "integer",
|
|
176
|
+
"minimum": 0
|
|
177
|
+
}
|
|
178
|
+
}
|
|
179
|
+
},
|
|
180
|
+
"policyCoverageFile": {
|
|
181
|
+
"type": "object",
|
|
182
|
+
"additionalProperties": false,
|
|
183
|
+
"required": ["target", "filename", "path", "exists", "coveredPatterns", "missingPatterns", "note"],
|
|
184
|
+
"properties": {
|
|
185
|
+
"target": {
|
|
186
|
+
"type": "string",
|
|
187
|
+
"enum": ["agentignore", "codexignore", "aiexclude", "gitignore"]
|
|
188
|
+
},
|
|
189
|
+
"filename": {
|
|
190
|
+
"type": "string"
|
|
191
|
+
},
|
|
192
|
+
"path": {
|
|
193
|
+
"type": "string"
|
|
194
|
+
},
|
|
195
|
+
"exists": {
|
|
196
|
+
"type": "boolean"
|
|
197
|
+
},
|
|
198
|
+
"coveredPatterns": {
|
|
199
|
+
"type": "array",
|
|
200
|
+
"items": {
|
|
201
|
+
"type": "string"
|
|
202
|
+
}
|
|
203
|
+
},
|
|
204
|
+
"missingPatterns": {
|
|
205
|
+
"type": "array",
|
|
206
|
+
"items": {
|
|
207
|
+
"type": "string"
|
|
208
|
+
}
|
|
209
|
+
},
|
|
210
|
+
"note": {
|
|
211
|
+
"type": "string"
|
|
212
|
+
}
|
|
213
|
+
}
|
|
127
214
|
}
|
|
128
215
|
}
|
|
129
216
|
}
|
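Review bot: Adding `"policyCoverage"` to the root `required` list while the root keeps `"additionalProperties": false` breaks validation in both directions, although the docs in this release still call the schema stable. Reports from the previous release now fail this schema, and reports from this release fail the previous one. These hunks carry no file header on the page; they presumably belong to package/schemas/sensitive-audit-result.schema.json from the file list. Pipelines that gate on schema validation would have to upgrade the CLI and schema together, so consider leaving the key out of `required` for one release: `"required": ["generatedAt", "root", "status", "summary", "findings", "recommendedExcludes", "ignoreFiles"]`. None of the new `$defs` has a `description`; a one-line description on `policyCoverageFile.target`, saying that `gitignore` coverage is hygiene evidence and not a read-deny boundary, would keep machine consumers from treating `coveredPatterns` as an enforcement guarantee.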